dotenv-secretsmanager 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +29 -0
- data/lib/dotenv/secretsmanager/configuration.rb +3 -0
- data/lib/dotenv/secretsmanager/version.rb +1 -1
- data/lib/dotenv/secretsmanager.rb +19 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 62ef3b65d117f00e7c365872b6beb81e8da2bf425169881f4a298fcc388ce644
|
|
4
|
+
data.tar.gz: f3b4a305fbd391229c9a7ec50cff7478cb61fb3351cd94c28e05b2f2208f2999
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6959abb2346741590c566de52e2242b108686e8d33dbee5c1f4995bdcbd55736478cf064f4b647ca315db4d5460b40290d3ebec0e9a94158619148b92469dbf2
|
|
7
|
+
data.tar.gz: a1762b6689843fba05b3f89effbe0e10b9e53cdfcef62105d8cdb46b90423a55378e9ccacccca0b5b2d37116304223c6d14d7782b3b4eb445a05433480cae2c5
|
data/README.md
CHANGED
|
@@ -61,6 +61,35 @@ end
|
|
|
61
61
|
Credentials and region come from the standard AWS SDK credential chain. The gem
|
|
62
62
|
makes zero AWS calls and builds no client when no references are present.
|
|
63
63
|
|
|
64
|
+
## Skipping resolution
|
|
65
|
+
|
|
66
|
+
Set the `DOTENV_SECRETSMANAGER_SKIP` env var (or `configuration.skip`) to make
|
|
67
|
+
`resolve!` a pure no-op: no AWS calls, no client constructed, and `aws-sm:`
|
|
68
|
+
references left untouched in `ENV`.
|
|
69
|
+
|
|
70
|
+
```sh
|
|
71
|
+
DOTENV_SECRETSMANAGER_SKIP=true
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
```ruby
|
|
75
|
+
Dotenv::SecretsManager.configure { |c| c.skip = true }
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
- The env var is truthy when it is `1`, `true`, `yes`, or `on`
|
|
79
|
+
(case-insensitive; surrounding whitespace is ignored). Anything else —
|
|
80
|
+
`""`, `0`, `false`, `no`, or unset — does not by itself skip.
|
|
81
|
+
- Either source skips: a truthy env var **or** `configuration.skip == true`.
|
|
82
|
+
The config flag skips regardless of the env var.
|
|
83
|
+
- The env var is read at call time (when the railtie fires), so it is the right
|
|
84
|
+
knob for build-time use.
|
|
85
|
+
|
|
86
|
+
The primary use case is an image build that boots the app — for example a Rails
|
|
87
|
+
`assets:precompile` step in a Docker build — where there is no AWS region or
|
|
88
|
+
credentials and no secrets are needed. Without skipping, constructing the AWS
|
|
89
|
+
client raises (e.g. `Aws::Errors::MissingRegionError`) and fails the build. Set
|
|
90
|
+
`DOTENV_SECRETSMANAGER_SKIP=true` on that step only. Non-secret `.env`
|
|
91
|
+
config still loads normally; only secrets resolution is skipped.
|
|
92
|
+
|
|
64
93
|
## Deployment (AWS Lightsail Container Service)
|
|
65
94
|
|
|
66
95
|
Set only `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_REGION` as
|
|
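Review bot: The "Set `DOTENV_SECRETSMANAGER_SKIP=true` on that step only" guidance in the new "Skipping resolution" section does not say what happens when the variable outlives that step, and the `sh` sample (a bare assignment) does not show how to scope it. Because skipping leaves `aws-sm:` references untouched in `ENV`, a variable set with a Dockerfile `ENV` instruction persists into the final image, and the running app then boots with the literal reference strings in place of secrets and with no error. Suggest stating that consequence explicitly and showing the scoped form, for example `RUN DOTENV_SECRETSMANAGER_SKIP=true bundle exec rake assets:precompile`, along with a sentence telling readers not to set it in runtime or deployment environment config.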
@@ -9,11 +9,14 @@ module Dotenv
|
|
|
9
9
|
attr_accessor :logger
|
|
10
10
|
# nil => a default Aws::SecretsManager::Client (built lazily, only if needed)
|
|
11
11
|
attr_accessor :client
|
|
12
|
+
# true => skip resolution entirely (no AWS calls, no client, ENV untouched)
|
|
13
|
+
attr_accessor :skip
|
|
12
14
|
|
|
13
15
|
def initialize
|
|
14
16
|
@on_error = :raise
|
|
15
17
|
@logger = nil
|
|
16
18
|
@client = nil
|
|
19
|
+
@skip = false
|
|
17
20
|
end
|
|
18
21
|
end
|
|
19
22
|
end
|
|
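Review bot: The `# true =>` comment on the new `skip` accessor describes a boolean contract that nothing enforces, and the README in this same release documents the check as `configuration.skip == true`. The plain `attr_accessor :skip` accepts any value, and `skip?` in lib/dotenv/secretsmanager.rb evaluates it with `|| configuration.skip`, so any non-nil, non-false value skips resolution. A caller who writes `c.skip = ENV["SOME_FLAG"]` with the value `"false"` or `"0"` would disable secrets resolution, which is the opposite of how the env var path treats those strings. Suggest either a custom writer that stores `value == true`, or comparing with `== true` at the call site, so the code matches the documented behaviour.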
@@ -9,6 +9,8 @@ require "dotenv/secretsmanager/resolver"
|
|
|
9
9
|
|
|
10
10
|
module Dotenv
|
|
11
11
|
module SecretsManager
|
|
12
|
+
SKIP_ENV_VAR = "DOTENV_SECRETSMANAGER_SKIP"
|
|
13
|
+
|
|
12
14
|
class << self
|
|
13
15
|
def configuration
|
|
14
16
|
@configuration ||= Configuration.new
|
|
@@ -24,8 +26,25 @@ module Dotenv
|
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
def resolve!(env = ENV)
|
|
29
|
+
return env if skip?
|
|
30
|
+
|
|
27
31
|
Resolver.new(env: env, config: configuration).resolve!
|
|
28
32
|
end
|
|
33
|
+
|
|
34
|
+
# Skip resolution entirely. Either the env var or the config flag can
|
|
35
|
+
# request it; resolution happens only when neither does. Read at call
|
|
36
|
+
# time so a railtie firing during an image build honors the env var.
|
|
37
|
+
def skip?
|
|
38
|
+
truthy?(ENV[SKIP_ENV_VAR]) || configuration.skip
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
private
|
|
42
|
+
|
|
43
|
+
def truthy?(value)
|
|
44
|
+
return false if value.nil?
|
|
45
|
+
|
|
46
|
+
%w[1 true yes on].include?(value.strip.downcase)
|
|
47
|
+
end
|
|
29
48
|
end
|
|
30
49
|
end
|
|
31
50
|
end
|
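Review bot: `return env if skip?` at the top of `resolve!` skips silently, so a process that inherits `DOTENV_SECRETSMANAGER_SKIP` outside the build step gives no signal that its `aws-sm:` references were never resolved. `Configuration` already exposes `logger`; suggest emitting one warning on the skip path when a logger is set, naming which source requested the skip (the env var or `configuration.skip`), so an unintended skip shows up in boot logs instead of surfacing later as authentication failures against downstream services.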